Clients stop communicating with Symantec Endpoint Protection Manager (SEPM) with HTTP 401 error in Sylink log and HTTP 401.1 error in IIS log
Question/Issue:
Clients stop communicating with SEPM after replacing the sylink or after re-deploying the client install package. Sylink monitor logs show HTTP 401 errors, and IIS logs show 401.1 errors.
Symptoms:
Clients loses the green dot and stops communicating with the manager. Dropping the sylink or re-deploying the client package does not restore communications.
The following entries are seen in the Sylink logs:
03/19 11:22:19 <SendRegistrationRequest:>http://SEPM.FQDN
03/19 11:22:19 <SendRegistrationRequest:>SMS return=401
03/19 11:22:19 <ParseHTTPStatusCode:>401=>Uninterpreted Status
03/19 11:22:19 <SendRegistrationRequest:>Content Length => 1539
03/19 11:22:19 HTTP return status code=401
The following entries are seen in the IIS logs:
2008-03-26 16:55:41 10.200.17.25 GET /microcall/mtserver.dll LastMessage 80 SEPM.FQDN\Administrator 10.200.17.25 MICROCALL 200 0 0
2008-03-26 16:55:41 127.0.0.1 GET /secars/secars.dll action=36 80 - 127.0.0.1 Java/1.5.0_14 401 1 0
2008-03-26 16:55:41 127.0.0.1 GET /secars/secars.dll action=36 80 - 127.0.0.1 Java/1.5.0_14 401 1 0
2008-03-26 16:55:41 127.0.0.1 GET /secars/secars.dll action=36 80 SEPM.FQDN\TWCSVR$ 127.0.0.1 Java/1.5.0_14 200 0 0
2008-03-26 16:55:42 127.0.0.1 GET /secars/secars.dll action=38&usn=114 80 - 127.0.0.1 Java/1.5.0_14 401 1 0
2008-03-26 16:55:42 127.0.0.1 GET /secars/secars.dll action=38&usn=114 80 - 127.0.0.1 Java/1.5.0_14 401 1 0
Cause:
The issue can occur if anonymous access is configured in IIS and the anonymous access account password is not same as than the actual information stored in local user database or in Active Directory.
Solution:
If the SEPM is on a Domain:
- Open IIS Manager
- Right click on the website in which SEPM is installed
- Click Properties
- Click on the Directory Security tab
- Under Authentication and access Control click Edit
- Make sure that Enable anonymous access is checked
- Add the IUSR account if not present
- Enter the IUSR password
- Restart the IISAdmin and SEPM services
To reset the IUSR account password (if needed)
- Open Active directory Users or Computers and search for the IUSR account
- Right click on the IUSR account and select Reset Password
- After resetting the password put the same password for the IUSR in IIS
- Restart the IISAdmin and SEPM Service
If the SEPM is in a Workgroup
- Open IIS Manager
- Right click on the website in which SEPM is installed
- Click Properties
- Click on the Directory Security tab
- Under Authentication and access Control click Edit
- Make sure that Enable anonymous access is checked
- Add the IUSR account if not present
- Enter the IUSR password
- Restart the IISAdmin and SEPM services
To reset the IUSR account password (if needed)
- Right click My Computer and choose Manage
- Expand Local Users and Groups
- Click on users and find the IUSR account
- Once found, right click on the user and click on reset password
References:
http://support.microsoft.com/kb/907273/
Document ID: 2008032702341648
Last Modified: 02/26/2010
Date Created: 03/26/2008
Operating System(s): Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition
Product(s): Endpoint Protection 11
Release(s): Endpoint Protection 11.0.1
Cart
PRINT THIS PAGE